Access Control / Private Pages

OVERVIEW:

The template system offers a way to make 'Basic Page' content types private, available only to logged in Princeton University members. If a site visitor attempts to access a page that is set to "private" and they are not already logged in, they will see an Access Denied alert and be prompted to enter their Princeton University NetID (PUID) and password before they are able to view the content of the private page.

Note that the ability to set private pages is turned OFF by default. To begin using private pages the PWDS Access Control app must first be turned ON by a site administrator. Once the app is turned on, the "set as private" feature will be visible on basic pages.

FAST FACTS:

Site Administrator must turn on PWDS Access Control app to enable private functionality.

PWDS Access Control app allows only people with Princeton User role to view private content.

Anyone with a PUID can log in to a private page so, do not store any Restricted or Confidential content on your website.

Keep in mind that public pages that are later set to private are probably already indexed and cached by search engines and web crawlers.

Files that you upload to the website are NOT private.

Protect Our Information

Please consider the types of content that you are storing on your website. Do not store any Restricted or Confidential content on your website. Please refer to the Protect Our Information website for additional information.

Step 1: Enable the Access Control App

Click on the PWDS Access Control app, then click Enable App. Do not reload or close the page until you get the Success alert, this can take a minute or two so please be patient.

Step 2: Make a Page Private

After the Access Control app is turned on:

Create a new basic page or edit an existing one.

Under the Privacy Options of the page, check the private page checkbox.

Items to Note:

If a link to a private page is added to a menu, the link will not be visible unless the user is logged in.

Once a user attempts to access a private page, the user will see the "access denied" message.

The site visitor is prompted to Log in via the CAS authentication service by entering their NetID and password to access the content of the private page.

TIPS:
Customize your access denied message

By default, the system will display the standard "access denied" message. If you want, you can use a customized 403 Access page to notify your readers that they are trying to access private content and will be required to log in.

"The content on this page requires a Princeton University netID and password to access. You will be prompted to enter your University netID and password before accessing the content."

Linking to Private Pages

If you have a private page that you would like to send visitors to you can use the following URL pattern which will take them directly to the page after login or to the page if they are already logged in. For example: